Block All DNS Except

No, because all the client's traffic including DNS is going through an encrypted tunnel. That's the whole point of a VPN. The only thing the router sees is the port number and IP address of the VPN server the client is connecting to. Typically the port used is 443 which makes it indistinguishable from any other HTTPS traffic. So the only realistic way to block it would be to block access to the VPN server's IP address. That would of course block all VPN access not just DNS requests.
 
Then just use the Network Services Filter to block port 53 TCP and UDP. NSF only affects LAN to WAN traffic so it won't affect the router's own DNS requests. It's basically generating the same iptables commands.
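
An added illustration, not from any poster in this thread and not the firmware's actual generated rules: a shell function that prints (without applying) iptables rules of the kind the post above describes, extended with an allow-list for resolvers that should stay reachable. The LAN interface `br0`, the chain name `LAN_DNS`, and the address `203.0.113.53` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: prints, does not apply, iptables rules that drop
# LAN-to-WAN DNS (port 53 UDP/TCP) except to allow-listed resolvers.
# Assumed names: interface br0, chain LAN_DNS, resolver 203.0.113.53.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address, so that
# nothing resembling an iptables option can reach the generated commands.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_block_rules LAN_IF [ALLOWED_RESOLVER...]
# The rules hook into FORWARD, which only sees traffic routed through
# the router. The router's own lookups leave via OUTPUT and are untouched.
dns_block_rules() {
    lan_if=$1; shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid resolver: $ip" >&2; return 1; }
    done
    echo "iptables -N LAN_DNS"
    # RETURN hands allowed resolvers back to the normal FORWARD rules.
    for ip in "$@"; do
        echo "iptables -A LAN_DNS -d $ip -j RETURN"
    done
    # Everything else that reached this chain is port-53 traffic: drop it.
    echo "iptables -A LAN_DNS -j DROP"
    for proto in udp tcp; do
        # -I places the jump ahead of any broad ACCEPT already in FORWARD.
        echo "iptables -I FORWARD -i $lan_if -p $proto --dport 53 -j LAN_DNS"
    done
}

# Constructed sample call: one external resolver stays reachable.
dns_block_rules br0 203.0.113.53
```

A resolver on the LAN itself, such as a Pi-hole on the same bridge, never crosses FORWARD and needs no allow-list entry.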

@ColinTaylor hey Colin, I would like to try this. What do I need to enter in the fields to accomplish this?
 
When I enable it, the internet breaks. Some sites work, some don't.

EDIT:
If I enable it, the internet becomes pretty much useless.
I have a fresh installation of the firmware.
 
How come wired devices don't follow the rules like wireless devices?
What I mean is, I notice on wired devices, I can change its DNS service bypassing Pihole's DNS. (Even if Router is set to Global)

But, I can't do that with wireless devices. Even if I change the DNS server on my phone, it will stick to whatever DNS server is set on the Router, which is the way I would want it to be for all devices.

EDIT:
Sorry, didn't mean to hijack this thread. I will create a new one.
 
